]> andersk Git - openssh.git/blame - mux.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- djm@cvs.openbsd.org 2010/01/28 00:21:18
[openssh.git] / mux.c
CommitLineData
279c74eb 1/* $OpenBSD: mux.c,v 1.12 2010/01/27 13:26:17 djm Exp $ */
3bcced4c 2/*
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* ssh session multiplexing support */
19
f17f705b 20/*
21 * TODO:
a858eae9 22 * - Better signalling from master to slave, especially passing of
f17f705b 23 * error messages
a858eae9 24 * - Better fall-back from mux slave error to new connection.
25 * - ExitOnForwardingFailure
26 * - Maybe extension mechanisms for multi-X11/multi-agent forwarding
27 * - Support ~^Z in mux slaves.
28 * - Inspect or control sessions in master.
29 * - If we ever support the "signal" channel request, send signals on
30 * sessions in master.
f17f705b 31 */
32
a858eae9 33#include "includes.h"
34
3bcced4c 35#include <sys/types.h>
36#include <sys/param.h>
37#include <sys/stat.h>
38#include <sys/socket.h>
39#include <sys/un.h>
40
41#include <errno.h>
42#include <fcntl.h>
43#include <signal.h>
44#include <stdarg.h>
45#include <stddef.h>
46#include <stdlib.h>
47#include <stdio.h>
48#include <string.h>
49#include <unistd.h>
0894bbed 50#ifdef HAVE_PATHS_H
3bcced4c 51#include <paths.h>
0894bbed 52#endif
3bcced4c 53
a858eae9 54#ifdef HAVE_POLL_H
55#include <poll.h>
56#else
57# ifdef HAVE_SYS_POLL_H
58# include <sys/poll.h>
59# endif
60#endif
61
b3ef88dc 62#ifdef HAVE_UTIL_H
63# include <util.h>
64#endif
65
66#ifdef HAVE_LIBUTIL_H
67# include <libutil.h>
68#endif
69
3bcced4c 70#include "openbsd-compat/sys-queue.h"
71#include "xmalloc.h"
72#include "log.h"
73#include "ssh.h"
74#include "pathnames.h"
75#include "misc.h"
76#include "match.h"
77#include "buffer.h"
78#include "channels.h"
79#include "msg.h"
80#include "packet.h"
81#include "monitor_fdpass.h"
82#include "sshpty.h"
83#include "key.h"
84#include "readconf.h"
85#include "clientloop.h"
86
87/* from ssh.c */
88extern int tty_flag;
ccd01778 89extern int force_tty_flag;
3bcced4c 90extern Options options;
91extern int stdin_null_flag;
92extern char *host;
2e2c33ad 93extern int subsystem_flag;
3bcced4c 94extern Buffer command;
a858eae9 95extern volatile sig_atomic_t quit_pending;
96extern char *stdio_forward_host;
97extern int stdio_forward_port;
3bcced4c 98
f17f705b 99/* Context for session open confirmation callback */
100struct mux_session_confirm_ctx {
a858eae9 101 u_int want_tty;
102 u_int want_subsys;
103 u_int want_x_fwd;
104 u_int want_agent_fwd;
f17f705b 105 Buffer cmd;
106 char *term;
107 struct termios tio;
108 char **env;
109};
110
3bcced4c 111/* fd to control socket */
112int muxserver_sock = -1;
113
a858eae9 114/* client request id */
115u_int muxclient_request_id = 0;
116
3bcced4c 117/* Multiplexing control command */
118u_int muxclient_command = 0;
119
120/* Set when signalled. */
121static volatile sig_atomic_t muxclient_terminate = 0;
122
123/* PID of multiplex server */
124static u_int muxserver_pid = 0;
125
a858eae9 126static Channel *mux_listener_channel = NULL;
3bcced4c 127
a858eae9 128struct mux_master_state {
129 int hello_rcvd;
130};
3bcced4c 131
a858eae9 132/* mux protocol messages */
133#define MUX_MSG_HELLO 0x00000001
134#define MUX_C_NEW_SESSION 0x10000002
135#define MUX_C_ALIVE_CHECK 0x10000004
136#define MUX_C_TERMINATE 0x10000005
137#define MUX_C_OPEN_FWD 0x10000006
138#define MUX_C_CLOSE_FWD 0x10000007
139#define MUX_C_NEW_STDIO_FWD 0x10000008
140#define MUX_S_OK 0x80000001
141#define MUX_S_PERMISSION_DENIED 0x80000002
142#define MUX_S_FAILURE 0x80000003
143#define MUX_S_EXIT_MESSAGE 0x80000004
144#define MUX_S_ALIVE 0x80000005
145#define MUX_S_SESSION_OPENED 0x80000006
146
147/* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
148#define MUX_FWD_LOCAL 1
149#define MUX_FWD_REMOTE 2
150#define MUX_FWD_DYNAMIC 3
151
152static void mux_session_confirm(int, void *);
153
154static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *);
155static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *);
156static int process_mux_alive_check(u_int, Channel *, Buffer *, Buffer *);
157static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
158static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
159static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
160static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
161
162static const struct {
163 u_int type;
164 int (*handler)(u_int, Channel *, Buffer *, Buffer *);
165} mux_master_handlers[] = {
166 { MUX_MSG_HELLO, process_mux_master_hello },
167 { MUX_C_NEW_SESSION, process_mux_new_session },
168 { MUX_C_ALIVE_CHECK, process_mux_alive_check },
169 { MUX_C_TERMINATE, process_mux_terminate },
170 { MUX_C_OPEN_FWD, process_mux_open_fwd },
171 { MUX_C_CLOSE_FWD, process_mux_close_fwd },
172 { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
173 { 0, NULL }
174};
3bcced4c 175
a858eae9 176/* Cleanup callback fired on closure of mux slave _session_ channel */
177/* ARGSUSED */
178static void
179mux_master_session_cleanup_cb(int cid, void *unused)
180{
181 Channel *cc, *c = channel_by_id(cid);
182
183 debug3("%s: entering for channel %d", __func__, cid);
184 if (c == NULL)
185 fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
186 if (c->ctl_chan != -1) {
187 if ((cc = channel_by_id(c->ctl_chan)) == NULL)
188 fatal("%s: channel %d missing control channel %d",
189 __func__, c->self, c->ctl_chan);
190 c->ctl_chan = -1;
191 cc->remote_id = -1;
192 chan_rcvd_oclose(cc);
3bcced4c 193 }
a858eae9 194 channel_cancel_cleanup(c->self);
3bcced4c 195}
196
a858eae9 197/* Cleanup callback fired on closure of mux slave _control_ channel */
198/* ARGSUSED */
3bcced4c 199static void
a858eae9 200mux_master_control_cleanup_cb(int cid, void *unused)
3bcced4c 201{
a858eae9 202 Channel *sc, *c = channel_by_id(cid);
203
204 debug3("%s: entering for channel %d", __func__, cid);
205 if (c == NULL)
206 fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
207 if (c->remote_id != -1) {
208 if ((sc = channel_by_id(c->remote_id)) == NULL)
209 debug2("%s: channel %d n session channel %d",
210 __func__, c->self, c->remote_id);
211 c->remote_id = -1;
212 sc->ctl_chan = -1;
279c74eb 213 if (sc->type != SSH_CHANNEL_OPEN) {
214 debug2("%s: channel %d: not open", __func__, sc->self);
215 chan_mark_dead(c);
216 } else {
217 chan_read_failed(sc);
218 chan_write_failed(sc);
219 }
3bcced4c 220 }
a858eae9 221 channel_cancel_cleanup(c->self);
3bcced4c 222}
223
a858eae9 224/* Check mux client environment variables before passing them to mux master. */
225static int
226env_permitted(char *env)
3bcced4c 227{
a858eae9 228 int i, ret;
229 char name[1024], *cp;
3bcced4c 230
a858eae9 231 if ((cp = strchr(env, '=')) == NULL || cp == env)
3bcced4c 232 return 0;
a858eae9 233 ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
234 if (ret <= 0 || (size_t)ret >= sizeof(name)) {
235 error("env_permitted: name '%.100s...' too long", env);
3bcced4c 236 return 0;
237 }
238
a858eae9 239 for (i = 0; i < options.num_send_env; i++)
240 if (match_pattern(name, options.send_env[i]))
241 return 1;
242
243 return 0;
244}
245
246/* Mux master protocol message handlers */
3bcced4c 247
a858eae9 248static int
249process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
250{
251 u_int ver;
252 struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
253
254 if (state == NULL)
255 fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
256 if (state->hello_rcvd) {
257 error("%s: HELLO received twice", __func__);
258 return -1;
3bcced4c 259 }
a858eae9 260 if (buffer_get_int_ret(&ver, m) != 0) {
261 malf:
262 error("%s: malformed message", __func__);
263 return -1;
3bcced4c 264 }
a858eae9 265 if (ver != SSHMUX_VER) {
266 error("Unsupported multiplexing protocol version %d "
267 "(expected %d)", ver, SSHMUX_VER);
268 return -1;
269 }
270 debug2("%s: channel %d slave version %u", __func__, c->self, ver);
3bcced4c 271
a858eae9 272 /* No extensions are presently defined */
273 while (buffer_len(m) > 0) {
274 char *name = buffer_get_string_ret(m, NULL);
275 char *value = buffer_get_string_ret(m, NULL);
3bcced4c 276
a858eae9 277 if (name == NULL || value == NULL) {
278 if (name != NULL)
279 xfree(name);
280 goto malf;
3bcced4c 281 }
a858eae9 282 debug2("Unrecognised slave extension \"%s\"", name);
283 xfree(name);
284 xfree(value);
3bcced4c 285 }
a858eae9 286 state->hello_rcvd = 1;
287 return 0;
288}
289
290static int
291process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
292{
293 Channel *nc;
294 struct mux_session_confirm_ctx *cctx;
295 char *reserved, *cmd, *cp;
296 u_int i, j, len, env_len, escape_char, window, packetmax;
297 int new_fd[3];
3bcced4c 298
299 /* Reply for SSHMUX_COMMAND_OPEN */
a858eae9 300 cctx = xcalloc(1, sizeof(*cctx));
301 cctx->term = NULL;
302 cmd = reserved = NULL;
303 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
304 buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
305 buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
306 buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 ||
307 buffer_get_int_ret(&cctx->want_subsys, m) != 0 ||
308 buffer_get_int_ret(&escape_char, m) != 0 ||
309 (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
310 (cmd = buffer_get_string_ret(m, &len)) == NULL) {
311 malf:
312 if (cmd != NULL)
313 xfree(cmd);
314 if (reserved != NULL)
315 xfree(reserved);
316 if (cctx->term != NULL)
317 xfree(cctx->term);
318 error("%s: malformed message", __func__);
319 return -1;
3bcced4c 320 }
a858eae9 321 xfree(reserved);
322 reserved = NULL;
323
324 cctx->env = NULL;
325 env_len = 0;
326 while (buffer_len(m) > 0) {
327#define MUX_MAX_ENV_VARS 4096
328 if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
329 xfree(cmd);
330 goto malf;
331 }
332 if (!env_permitted(cp)) {
333 xfree(cp);
334 continue;
335 }
336 cctx->env = xrealloc(cctx->env, env_len + 2,
337 sizeof(*cctx->env));
338 cctx->env[env_len++] = cp;
339 cctx->env[env_len] = NULL;
340 if (env_len > MUX_MAX_ENV_VARS) {
341 error(">%d environment variables received, ignoring "
342 "additional", MUX_MAX_ENV_VARS);
343 break;
344 }
3bcced4c 345 }
346
a858eae9 347 debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
348 "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
349 cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
350 cctx->want_subsys, cctx->term, cmd, env_len);
3bcced4c 351
3bcced4c 352 buffer_init(&cctx->cmd);
353 buffer_append(&cctx->cmd, cmd, strlen(cmd));
3bcced4c 354 xfree(cmd);
a858eae9 355 cmd = NULL;
3bcced4c 356
357 /* Gather fds from client */
358 for(i = 0; i < 3; i++) {
a858eae9 359 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
3bcced4c 360 error("%s: failed to receive fd %d from slave",
361 __func__, i);
362 for (j = 0; j < i; j++)
363 close(new_fd[j]);
364 for (j = 0; j < env_len; j++)
365 xfree(cctx->env[j]);
366 if (env_len > 0)
367 xfree(cctx->env);
368 xfree(cctx->term);
369 buffer_free(&cctx->cmd);
3bcced4c 370 xfree(cctx);
a858eae9 371
372 /* prepare reply */
373 buffer_put_int(r, MUX_S_FAILURE);
374 buffer_put_int(r, rid);
375 buffer_put_cstring(r,
376 "did not receive file descriptors");
377 return -1;
3bcced4c 378 }
379 }
380
a858eae9 381 debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
3bcced4c 382 new_fd[0], new_fd[1], new_fd[2]);
383
a858eae9 384 /* XXX support multiple child sessions in future */
385 if (c->remote_id != -1) {
386 debug2("%s: session already open", __func__);
387 /* prepare reply */
388 buffer_put_int(r, MUX_S_FAILURE);
389 buffer_put_int(r, rid);
390 buffer_put_cstring(r, "Multiple sessions not supported");
391 cleanup:
3bcced4c 392 close(new_fd[0]);
393 close(new_fd[1]);
394 close(new_fd[2]);
3bcced4c 395 xfree(cctx->term);
396 if (env_len != 0) {
397 for (i = 0; i < env_len; i++)
398 xfree(cctx->env[i]);
399 xfree(cctx->env);
400 }
a858eae9 401 buffer_free(&cctx->cmd);
3bcced4c 402 return 0;
403 }
a858eae9 404
405 if (options.control_master == SSHCTL_MASTER_ASK ||
406 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
407 if (!ask_permission("Allow shared connection to %s? ", host)) {
408 debug2("%s: session refused by user", __func__);
409 /* prepare reply */
410 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
411 buffer_put_int(r, rid);
412 buffer_put_cstring(r, "Permission denied");
413 goto cleanup;
414 }
415 }
416
417 /* Try to pick up ttymodes from client before it goes raw */
418 if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
419 error("%s: tcgetattr: %s", __func__, strerror(errno));
3bcced4c 420
421 /* enable nonblocking unless tty */
422 if (!isatty(new_fd[0]))
423 set_nonblock(new_fd[0]);
424 if (!isatty(new_fd[1]))
425 set_nonblock(new_fd[1]);
426 if (!isatty(new_fd[2]))
427 set_nonblock(new_fd[2]);
428
3bcced4c 429 window = CHAN_SES_WINDOW_DEFAULT;
430 packetmax = CHAN_SES_PACKET_DEFAULT;
431 if (cctx->want_tty) {
432 window >>= 1;
433 packetmax >>= 1;
434 }
a858eae9 435
436 nc = channel_new("session", SSH_CHANNEL_OPENING,
3bcced4c 437 new_fd[0], new_fd[1], new_fd[2], window, packetmax,
438 CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
439
a858eae9 440 nc->ctl_chan = c->self; /* link session -> control channel */
441 c->remote_id = nc->self; /* link control -> session channel */
442
f17f705b 443 if (cctx->want_tty && escape_char != 0xffffffff) {
a858eae9 444 channel_register_filter(nc->self,
f17f705b 445 client_simple_escape_filter, NULL,
e74caf1e 446 client_filter_cleanup,
f17f705b 447 client_new_escape_filter_ctx((int)escape_char));
448 }
3bcced4c 449
a858eae9 450 debug2("%s: channel_new: %d linked to control channel %d",
451 __func__, nc->self, nc->ctl_chan);
3bcced4c 452
a858eae9 453 channel_send_open(nc->self);
454 channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
455 channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 0);
3bcced4c 456
a858eae9 457 /* prepare reply */
458 /* XXX defer until mux_session_confirm() fires */
459 buffer_put_int(r, MUX_S_SESSION_OPENED);
460 buffer_put_int(r, rid);
461 buffer_put_int(r, nc->self);
3bcced4c 462
a858eae9 463 return 0;
3bcced4c 464}
465
a858eae9 466static int
467process_mux_alive_check(u_int rid, Channel *c, Buffer *m, Buffer *r)
3bcced4c 468{
a858eae9 469 debug2("%s: channel %d: alive check", __func__, c->self);
3bcced4c 470
a858eae9 471 /* prepare reply */
472 buffer_put_int(r, MUX_S_ALIVE);
473 buffer_put_int(r, rid);
474 buffer_put_int(r, (u_int)getpid());
3bcced4c 475
a858eae9 476 return 0;
3bcced4c 477}
478
3bcced4c 479static int
a858eae9 480process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r)
3bcced4c 481{
a858eae9 482 debug2("%s: channel %d: terminate request", __func__, c->self);
483
484 if (options.control_master == SSHCTL_MASTER_ASK ||
485 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
486 if (!ask_permission("Terminate shared connection to %s? ",
487 host)) {
488 debug2("%s: termination refused by user", __func__);
489 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
490 buffer_put_int(r, rid);
491 buffer_put_cstring(r, "Permission denied");
492 return 0;
493 }
494 }
3bcced4c 495
a858eae9 496 quit_pending = 1;
497 buffer_put_int(r, MUX_S_OK);
498 buffer_put_int(r, rid);
499 /* XXX exit happens too soon - message never makes it to client */
500 return 0;
3bcced4c 501}
502
a858eae9 503static char *
504format_forward(u_int ftype, Forward *fwd)
3bcced4c 505{
a858eae9 506 char *ret;
507
508 switch (ftype) {
509 case MUX_FWD_LOCAL:
510 xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
511 (fwd->listen_host == NULL) ?
512 (options.gateway_ports ? "*" : "LOCALHOST") :
513 fwd->listen_host, fwd->listen_port,
514 fwd->connect_host, fwd->connect_port);
515 break;
516 case MUX_FWD_DYNAMIC:
517 xasprintf(&ret, "dynamic forward %.200s:%d -> *",
518 (fwd->listen_host == NULL) ?
519 (options.gateway_ports ? "*" : "LOCALHOST") :
520 fwd->listen_host, fwd->listen_port);
521 break;
522 case MUX_FWD_REMOTE:
523 xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
524 (fwd->listen_host == NULL) ?
525 "LOCALHOST" : fwd->listen_host,
526 fwd->listen_port,
527 fwd->connect_host, fwd->connect_port);
3bcced4c 528 break;
529 default:
a858eae9 530 fatal("%s: unknown forward type %u", __func__, ftype);
3bcced4c 531 }
a858eae9 532 return ret;
533}
3bcced4c 534
a858eae9 535static int
536compare_host(const char *a, const char *b)
537{
538 if (a == NULL && b == NULL)
539 return 1;
540 if (a == NULL || b == NULL)
541 return 0;
542 return strcmp(a, b) == 0;
543}
3bcced4c 544
a858eae9 545static int
546compare_forward(Forward *a, Forward *b)
547{
548 if (!compare_host(a->listen_host, b->listen_host))
549 return 0;
550 if (a->listen_port != b->listen_port)
551 return 0;
552 if (!compare_host(a->connect_host, b->connect_host))
553 return 0;
554 if (a->connect_port != b->connect_port)
555 return 0;
3bcced4c 556
a858eae9 557 return 1;
558}
3bcced4c 559
a858eae9 560static int
561process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
562{
563 Forward fwd;
564 char *fwd_desc = NULL;
565 u_int ftype;
566 int i, ret = 0, freefwd = 1;
567
568 fwd.listen_host = fwd.connect_host = NULL;
569 if (buffer_get_int_ret(&ftype, m) != 0 ||
570 (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
571 buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
572 (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
573 buffer_get_int_ret(&fwd.connect_port, m) != 0) {
574 error("%s: malformed message", __func__);
575 ret = -1;
576 goto out;
577 }
578
579 if (*fwd.listen_host == '\0') {
580 xfree(fwd.listen_host);
581 fwd.listen_host = NULL;
582 }
583 if (*fwd.connect_host == '\0') {
584 xfree(fwd.connect_host);
585 fwd.connect_host = NULL;
586 }
587
588 debug2("%s: channel %d: request %s", __func__, c->self,
589 (fwd_desc = format_forward(ftype, &fwd)));
590
591 if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
592 ftype != MUX_FWD_DYNAMIC) {
593 logit("%s: invalid forwarding type %u", __func__, ftype);
594 invalid:
595 xfree(fwd.listen_host);
596 xfree(fwd.connect_host);
597 buffer_put_int(r, MUX_S_FAILURE);
598 buffer_put_int(r, rid);
599 buffer_put_cstring(r, "Invalid forwarding request");
600 return 0;
601 }
602 /* XXX support rport0 forwarding with reply of port assigned */
603 if (fwd.listen_port == 0 || fwd.listen_port >= 65536) {
604 logit("%s: invalid listen port %u", __func__,
605 fwd.listen_port);
606 goto invalid;
607 }
608 if (fwd.connect_port >= 65536 || (ftype != MUX_FWD_DYNAMIC &&
609 ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
610 logit("%s: invalid connect port %u", __func__,
611 fwd.connect_port);
612 goto invalid;
613 }
614 if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL) {
615 logit("%s: missing connect host", __func__);
616 goto invalid;
617 }
618
619 /* Skip forwards that have already been requested */
620 switch (ftype) {
621 case MUX_FWD_LOCAL:
622 case MUX_FWD_DYNAMIC:
623 for (i = 0; i < options.num_local_forwards; i++) {
624 if (compare_forward(&fwd,
625 options.local_forwards + i)) {
626 exists:
627 debug2("%s: found existing forwarding",
628 __func__);
629 buffer_put_int(r, MUX_S_OK);
630 buffer_put_int(r, rid);
631 goto out;
632 }
3bcced4c 633 }
a858eae9 634 break;
635 case MUX_FWD_REMOTE:
636 for (i = 0; i < options.num_remote_forwards; i++) {
637 if (compare_forward(&fwd,
638 options.remote_forwards + i))
639 goto exists;
3bcced4c 640 }
a858eae9 641 break;
3bcced4c 642 }
643
a858eae9 644 if (options.control_master == SSHCTL_MASTER_ASK ||
645 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
646 if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
647 debug2("%s: forwarding refused by user", __func__);
648 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
649 buffer_put_int(r, rid);
650 buffer_put_cstring(r, "Permission denied");
651 goto out;
652 }
3bcced4c 653 }
654
a858eae9 655 if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
656 if (options.num_local_forwards + 1 >=
657 SSH_MAX_FORWARDS_PER_DIRECTION ||
658 channel_setup_local_fwd_listener(fwd.listen_host,
659 fwd.listen_port, fwd.connect_host, fwd.connect_port,
660 options.gateway_ports) < 0) {
661 fail:
662 logit("slave-requested %s failed", fwd_desc);
663 buffer_put_int(r, MUX_S_FAILURE);
664 buffer_put_int(r, rid);
665 buffer_put_cstring(r, "Port forwarding failed");
666 goto out;
667 }
668 add_local_forward(&options, &fwd);
669 freefwd = 0;
670 } else {
671 /* XXX wait for remote to confirm */
672 if (options.num_remote_forwards + 1 >=
673 SSH_MAX_FORWARDS_PER_DIRECTION ||
674 channel_request_remote_forwarding(fwd.listen_host,
675 fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
676 goto fail;
677 add_remote_forward(&options, &fwd);
678 freefwd = 0;
679 }
680 buffer_put_int(r, MUX_S_OK);
681 buffer_put_int(r, rid);
682 out:
683 if (fwd_desc != NULL)
684 xfree(fwd_desc);
685 if (freefwd) {
686 if (fwd.listen_host != NULL)
687 xfree(fwd.listen_host);
688 if (fwd.connect_host != NULL)
689 xfree(fwd.connect_host);
690 }
691 return ret;
692}
3bcced4c 693
a858eae9 694static int
695process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
696{
697 Forward fwd;
698 char *fwd_desc = NULL;
699 u_int ftype;
700 int ret = 0;
701
702 fwd.listen_host = fwd.connect_host = NULL;
703 if (buffer_get_int_ret(&ftype, m) != 0 ||
704 (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
705 buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
706 (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
707 buffer_get_int_ret(&fwd.connect_port, m) != 0) {
708 error("%s: malformed message", __func__);
709 ret = -1;
710 goto out;
711 }
3bcced4c 712
a858eae9 713 if (*fwd.listen_host == '\0') {
714 xfree(fwd.listen_host);
715 fwd.listen_host = NULL;
716 }
717 if (*fwd.connect_host == '\0') {
718 xfree(fwd.connect_host);
719 fwd.connect_host = NULL;
720 }
721
722 debug2("%s: channel %d: request %s", __func__, c->self,
723 (fwd_desc = format_forward(ftype, &fwd)));
724
725 /* XXX implement this */
726 buffer_put_int(r, MUX_S_FAILURE);
727 buffer_put_int(r, rid);
728 buffer_put_cstring(r, "unimplemented");
729
730 out:
731 if (fwd_desc != NULL)
732 xfree(fwd_desc);
733 if (fwd.listen_host != NULL)
734 xfree(fwd.listen_host);
735 if (fwd.connect_host != NULL)
736 xfree(fwd.connect_host);
737
738 return ret;
739}
740
741static int
742process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
743{
744 Channel *nc;
745 char *reserved, *chost;
746 u_int cport, i, j;
747 int new_fd[2];
748
749 chost = reserved = NULL;
750 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
751 (chost = buffer_get_string_ret(m, NULL)) == NULL ||
752 buffer_get_int_ret(&cport, m) != 0) {
753 if (reserved != NULL)
754 xfree(reserved);
755 if (chost != NULL)
756 xfree(chost);
757 error("%s: malformed message", __func__);
758 return -1;
759 }
760 xfree(reserved);
761
762 debug2("%s: channel %d: request stdio fwd to %s:%u",
763 __func__, c->self, chost, cport);
764
765 /* Gather fds from client */
766 for(i = 0; i < 2; i++) {
767 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
768 error("%s: failed to receive fd %d from slave",
769 __func__, i);
770 for (j = 0; j < i; j++)
771 close(new_fd[j]);
772 xfree(chost);
773
774 /* prepare reply */
775 buffer_put_int(r, MUX_S_FAILURE);
776 buffer_put_int(r, rid);
777 buffer_put_cstring(r,
778 "did not receive file descriptors");
779 return -1;
780 }
781 }
3bcced4c 782
a858eae9 783 debug3("%s: got fds stdin %d, stdout %d", __func__,
784 new_fd[0], new_fd[1]);
785
786 /* XXX support multiple child sessions in future */
787 if (c->remote_id != -1) {
788 debug2("%s: session already open", __func__);
789 /* prepare reply */
790 buffer_put_int(r, MUX_S_FAILURE);
791 buffer_put_int(r, rid);
792 buffer_put_cstring(r, "Multiple sessions not supported");
793 cleanup:
794 close(new_fd[0]);
795 close(new_fd[1]);
796 xfree(chost);
797 return 0;
798 }
799
800 if (options.control_master == SSHCTL_MASTER_ASK ||
801 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
802 if (!ask_permission("Allow forward to to %s:%u? ",
803 chost, cport)) {
804 debug2("%s: stdio fwd refused by user", __func__);
805 /* prepare reply */
806 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
807 buffer_put_int(r, rid);
808 buffer_put_cstring(r, "Permission denied");
809 goto cleanup;
810 }
811 }
812
813 /* enable nonblocking unless tty */
814 if (!isatty(new_fd[0]))
815 set_nonblock(new_fd[0]);
816 if (!isatty(new_fd[1]))
817 set_nonblock(new_fd[1]);
818
819 nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
820
821 nc->ctl_chan = c->self; /* link session -> control channel */
822 c->remote_id = nc->self; /* link control -> session channel */
823
824 debug2("%s: channel_new: %d linked to control channel %d",
825 __func__, nc->self, nc->ctl_chan);
826
827 channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 0);
828
829 /* prepare reply */
830 /* XXX defer until channel confirmed */
831 buffer_put_int(r, MUX_S_SESSION_OPENED);
832 buffer_put_int(r, rid);
833 buffer_put_int(r, nc->self);
834
835 return 0;
836}
837
838/* Channel callbacks fired on read/write from mux slave fd */
839static int
840mux_master_read_cb(Channel *c)
841{
842 struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
843 Buffer in, out;
844 void *ptr;
845 u_int type, rid, have, i;
846 int ret = -1;
847
848 /* Setup ctx and */
849 if (c->mux_ctx == NULL) {
850 state = xcalloc(1, sizeof(state));
851 c->mux_ctx = state;
852 channel_register_cleanup(c->self,
853 mux_master_control_cleanup_cb, 0);
854
855 /* Send hello */
856 buffer_init(&out);
857 buffer_put_int(&out, MUX_MSG_HELLO);
858 buffer_put_int(&out, SSHMUX_VER);
859 /* no extensions */
860 buffer_put_string(&c->output, buffer_ptr(&out),
861 buffer_len(&out));
862 buffer_free(&out);
863 debug3("%s: channel %d: hello sent", __func__, c->self);
864 return 0;
865 }
866
867 buffer_init(&in);
868 buffer_init(&out);
869
870 /* Channel code ensures that we receive whole packets */
871 if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
872 malf:
873 error("%s: malformed message", __func__);
874 goto out;
875 }
876 buffer_append(&in, ptr, have);
877
878 if (buffer_get_int_ret(&type, &in) != 0)
879 goto malf;
880 debug3("%s: channel %d packet type 0x%08x len %u",
881 __func__, c->self, type, buffer_len(&in));
882
883 if (type == MUX_MSG_HELLO)
884 rid = 0;
885 else {
886 if (!state->hello_rcvd) {
887 error("%s: expected MUX_MSG_HELLO(0x%08x), "
888 "received 0x%08x", __func__, MUX_MSG_HELLO, type);
889 goto out;
890 }
891 if (buffer_get_int_ret(&rid, &in) != 0)
892 goto malf;
893 }
894
895 for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
896 if (type == mux_master_handlers[i].type) {
897 ret = mux_master_handlers[i].handler(rid, c, &in, &out);
898 break;
899 }
900 }
901 if (mux_master_handlers[i].handler == NULL) {
902 error("%s: unsupported mux message 0x%08x", __func__, type);
903 buffer_put_int(&out, MUX_S_FAILURE);
904 buffer_put_int(&out, rid);
905 buffer_put_cstring(&out, "unsupported request");
906 ret = 0;
907 }
908 /* Enqueue reply packet */
909 if (buffer_len(&out) != 0) {
910 buffer_put_string(&c->output, buffer_ptr(&out),
911 buffer_len(&out));
912 }
913 out:
914 buffer_free(&in);
915 buffer_free(&out);
916 return ret;
917}
918
919void
920mux_exit_message(Channel *c, int exitval)
921{
922 Buffer m;
923 Channel *mux_chan;
924
925 debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
926 exitval);
927
928 if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
929 fatal("%s: channel %d missing mux channel %d",
930 __func__, c->self, c->ctl_chan);
931
932 /* Append exit message packet to control socket output queue */
3bcced4c 933 buffer_init(&m);
a858eae9 934 buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
935 buffer_put_int(&m, c->self);
936 buffer_put_int(&m, exitval);
3bcced4c 937
a858eae9 938 buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
939 buffer_free(&m);
940}
941
942/* Prepare a mux master to listen on a Unix domain socket. */
943void
944muxserver_listen(void)
945{
946 struct sockaddr_un addr;
947 socklen_t sun_len;
948 mode_t old_umask;
949
950 if (options.control_path == NULL ||
951 options.control_master == SSHCTL_MASTER_NO)
b97ea6eb 952 return;
a858eae9 953
954 debug("setting up multiplex master socket");
955
956 memset(&addr, '\0', sizeof(addr));
957 addr.sun_family = AF_UNIX;
958 sun_len = offsetof(struct sockaddr_un, sun_path) +
959 strlen(options.control_path) + 1;
960
961 if (strlcpy(addr.sun_path, options.control_path,
962 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
963 fatal("ControlPath too long");
964
965 if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
966 fatal("%s socket(): %s", __func__, strerror(errno));
967
968 old_umask = umask(0177);
969 if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) {
970 muxserver_sock = -1;
971 if (errno == EINVAL || errno == EADDRINUSE) {
972 error("ControlSocket %s already exists, "
973 "disabling multiplexing", options.control_path);
974 close(muxserver_sock);
975 muxserver_sock = -1;
976 xfree(options.control_path);
977 options.control_path = NULL;
978 options.control_master = SSHCTL_MASTER_NO;
979 return;
980 } else
981 fatal("%s bind(): %s", __func__, strerror(errno));
982 }
983 umask(old_umask);
984
985 if (listen(muxserver_sock, 64) == -1)
986 fatal("%s listen(): %s", __func__, strerror(errno));
987
988 set_nonblock(muxserver_sock);
989
990 mux_listener_channel = channel_new("mux listener",
991 SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
992 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
993 0, addr.sun_path, 1);
994 mux_listener_channel->mux_rcb = mux_master_read_cb;
995 debug3("%s: mux listener channel %d fd %d", __func__,
996 mux_listener_channel->self, mux_listener_channel->sock);
997}
998
999/* Callback on open confirmation in mux master for a mux client session. */
1000static void
1001mux_session_confirm(int id, void *arg)
1002{
1003 struct mux_session_confirm_ctx *cctx = arg;
1004 const char *display;
1005 Channel *c;
1006 int i;
1007
1008 if (cctx == NULL)
1009 fatal("%s: cctx == NULL", __func__);
1010 if ((c = channel_by_id(id)) == NULL)
1011 fatal("%s: no channel for id %d", __func__, id);
1012
1013 display = getenv("DISPLAY");
1014 if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1015 char *proto, *data;
1016 /* Get reasonable local authentication information. */
1017 client_x11_get_proto(display, options.xauth_location,
1018 options.forward_x11_trusted, &proto, &data);
1019 /* Request forwarding with authentication spoofing. */
1020 debug("Requesting X11 forwarding with authentication spoofing.");
1021 x11_request_forwarding_with_spoofing(id, display, proto, data);
1022 /* XXX wait for reply */
1023 }
1024
1025 if (cctx->want_agent_fwd && options.forward_agent) {
1026 debug("Requesting authentication agent forwarding.");
1027 channel_request_start(id, "auth-agent-req@openssh.com", 0);
1028 packet_send();
1029 }
1030
1031 client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
1032 cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
1033
1034 c->open_confirm_ctx = NULL;
1035 buffer_free(&cctx->cmd);
1036 xfree(cctx->term);
1037 if (cctx->env != NULL) {
1038 for (i = 0; cctx->env[i] != NULL; i++)
1039 xfree(cctx->env[i]);
1040 xfree(cctx->env);
1041 }
1042 xfree(cctx);
1043}
1044
1045/* ** Multiplexing client support */
1046
1047/* Exit signal handler */
1048static void
1049control_client_sighandler(int signo)
1050{
1051 muxclient_terminate = signo;
1052}
1053
1054/*
1055 * Relay signal handler - used to pass some signals from mux client to
1056 * mux master.
1057 */
1058static void
1059control_client_sigrelay(int signo)
1060{
1061 int save_errno = errno;
1062
1063 if (muxserver_pid > 1)
1064 kill(muxserver_pid, signo);
1065
1066 errno = save_errno;
1067}
1068
1069static int
1070mux_client_read(int fd, Buffer *b, u_int need)
1071{
1072 u_int have;
1073 ssize_t len;
1074 u_char *p;
1075 struct pollfd pfd;
1076
1077 pfd.fd = fd;
1078 pfd.events = POLLIN;
1079 p = buffer_append_space(b, need);
1080 for (have = 0; have < need; ) {
1081 if (muxclient_terminate) {
1082 errno = EINTR;
1083 return -1;
1084 }
1085 len = read(fd, p + have, need - have);
1086 if (len < 0) {
1087 switch (errno) {
1088#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1089 case EWOULDBLOCK:
1090#endif
1091 case EAGAIN:
1092 (void)poll(&pfd, 1, -1);
1093 /* FALLTHROUGH */
1094 case EINTR:
1095 continue;
1096 default:
1097 return -1;
1098 }
1099 }
1100 if (len == 0) {
1101 errno = EPIPE;
1102 return -1;
1103 }
1104 have += (u_int)len;
1105 }
1106 return 0;
1107}
1108
1109static int
1110mux_client_write_packet(int fd, Buffer *m)
1111{
1112 Buffer queue;
1113 u_int have, need;
1114 int oerrno, len;
1115 u_char *ptr;
1116 struct pollfd pfd;
1117
1118 pfd.fd = fd;
1119 pfd.events = POLLOUT;
1120 buffer_init(&queue);
1121 buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
1122
1123 need = buffer_len(&queue);
1124 ptr = buffer_ptr(&queue);
1125
1126 for (have = 0; have < need; ) {
1127 if (muxclient_terminate) {
1128 buffer_free(&queue);
1129 errno = EINTR;
1130 return -1;
1131 }
1132 len = write(fd, ptr + have, need - have);
1133 if (len < 0) {
1134 switch (errno) {
1135#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1136 case EWOULDBLOCK:
1137#endif
1138 case EAGAIN:
1139 (void)poll(&pfd, 1, -1);
1140 /* FALLTHROUGH */
1141 case EINTR:
1142 continue;
1143 default:
1144 oerrno = errno;
1145 buffer_free(&queue);
1146 errno = oerrno;
1147 return -1;
1148 }
1149 }
1150 if (len == 0) {
1151 buffer_free(&queue);
1152 errno = EPIPE;
1153 return -1;
1154 }
1155 have += (u_int)len;
1156 }
1157 buffer_free(&queue);
1158 return 0;
1159}
1160
1161static int
1162mux_client_read_packet(int fd, Buffer *m)
1163{
1164 Buffer queue;
1165 u_int need, have;
1166 void *ptr;
1167 int oerrno;
1168
1169 buffer_init(&queue);
1170 if (mux_client_read(fd, &queue, 4) != 0) {
1171 if ((oerrno = errno) == EPIPE)
1172 debug3("%s: read header failed: %s", __func__, strerror(errno));
1173 errno = oerrno;
1174 return -1;
b97ea6eb 1175 }
a858eae9 1176 need = get_u32(buffer_ptr(&queue));
1177 if (mux_client_read(fd, &queue, need) != 0) {
1178 oerrno = errno;
1179 debug3("%s: read body failed: %s", __func__, strerror(errno));
1180 errno = oerrno;
1181 return -1;
1182 }
1183 ptr = buffer_get_string_ptr(&queue, &have);
1184 buffer_append(m, ptr, have);
1185 buffer_free(&queue);
1186 return 0;
1187}
1188
1189static int
1190mux_client_hello_exchange(int fd)
1191{
1192 Buffer m;
1193 u_int type, ver;
1194
1195 buffer_init(&m);
1196 buffer_put_int(&m, MUX_MSG_HELLO);
1197 buffer_put_int(&m, SSHMUX_VER);
1198 /* no extensions */
1199
1200 if (mux_client_write_packet(fd, &m) != 0)
1201 fatal("%s: write packet: %s", __func__, strerror(errno));
1202
3bcced4c 1203 buffer_clear(&m);
1204
a858eae9 1205 /* Read their HELLO */
1206 if (mux_client_read_packet(fd, &m) != 0) {
1207 buffer_free(&m);
1208 return -1;
b97ea6eb 1209 }
a858eae9 1210
1211 type = buffer_get_int(&m);
1212 if (type != MUX_MSG_HELLO)
1213 fatal("%s: expected HELLO (%u) received %u",
1214 __func__, MUX_MSG_HELLO, type);
1215 ver = buffer_get_int(&m);
1216 if (ver != SSHMUX_VER)
1217 fatal("Unsupported multiplexing protocol version %d "
1218 "(expected %d)", ver, SSHMUX_VER);
1219 debug2("%s: master version %u", __func__, ver);
1220 /* No extensions are presently defined */
1221 while (buffer_len(&m) > 0) {
1222 char *name = buffer_get_string(&m, NULL);
1223 char *value = buffer_get_string(&m, NULL);
1224
1225 debug2("Unrecognised master extension \"%s\"", name);
1226 xfree(name);
1227 xfree(value);
b97ea6eb 1228 }
a858eae9 1229 buffer_free(&m);
1230 return 0;
1231}
1232
1233static u_int
1234mux_client_request_alive(int fd)
1235{
1236 Buffer m;
1237 char *e;
1238 u_int pid, type, rid;
1239
1240 debug3("%s: entering", __func__);
1241
1242 buffer_init(&m);
1243 buffer_put_int(&m, MUX_C_ALIVE_CHECK);
1244 buffer_put_int(&m, muxclient_request_id);
1245
1246 if (mux_client_write_packet(fd, &m) != 0)
1247 fatal("%s: write packet: %s", __func__, strerror(errno));
1248
1249 buffer_clear(&m);
1250
1251 /* Read their reply */
1252 if (mux_client_read_packet(fd, &m) != 0) {
1253 buffer_free(&m);
1254 return 0;
b97ea6eb 1255 }
a858eae9 1256
1257 type = buffer_get_int(&m);
1258 if (type != MUX_S_ALIVE) {
1259 e = buffer_get_string(&m, NULL);
1260 fatal("%s: master returned error: %s", __func__, e);
b97ea6eb 1261 }
a858eae9 1262
1263 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1264 fatal("%s: out of sequence reply: my id %u theirs %u",
1265 __func__, muxclient_request_id, rid);
1266 pid = buffer_get_int(&m);
1267 buffer_free(&m);
1268
1269 debug3("%s: done pid = %u", __func__, pid);
1270
1271 muxclient_request_id++;
1272
1273 return pid;
1274}
1275
1276static void
1277mux_client_request_terminate(int fd)
1278{
1279 Buffer m;
1280 char *e;
1281 u_int type, rid;
1282
1283 debug3("%s: entering", __func__);
1284
1285 buffer_init(&m);
1286 buffer_put_int(&m, MUX_C_TERMINATE);
1287 buffer_put_int(&m, muxclient_request_id);
1288
1289 if (mux_client_write_packet(fd, &m) != 0)
1290 fatal("%s: write packet: %s", __func__, strerror(errno));
3bcced4c 1291
1292 buffer_clear(&m);
1293
a858eae9 1294 /* Read their reply */
1295 if (mux_client_read_packet(fd, &m) != 0) {
1296 /* Remote end exited already */
1297 if (errno == EPIPE) {
1298 buffer_free(&m);
1299 return;
f17f705b 1300 }
a858eae9 1301 fatal("%s: read from master failed: %s",
1302 __func__, strerror(errno));
1303 }
1304
1305 type = buffer_get_int(&m);
1306 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1307 fatal("%s: out of sequence reply: my id %u theirs %u",
1308 __func__, muxclient_request_id, rid);
1309 switch (type) {
1310 case MUX_S_OK:
3bcced4c 1311 break;
a858eae9 1312 case MUX_S_PERMISSION_DENIED:
1313 e = buffer_get_string(&m, NULL);
1314 fatal("Master refused termination request: %s", e);
1315 case MUX_S_FAILURE:
1316 e = buffer_get_string(&m, NULL);
1317 fatal("%s: termination request failed: %s", __func__, e);
3bcced4c 1318 default:
a858eae9 1319 fatal("%s: unexpected response from master 0x%08x",
1320 __func__, type);
3bcced4c 1321 }
a858eae9 1322 buffer_free(&m);
1323 muxclient_request_id++;
1324}
1325
1326static int
1327mux_client_request_forward(int fd, u_int ftype, Forward *fwd)
1328{
1329 Buffer m;
1330 char *e, *fwd_desc;
1331 u_int type, rid;
1332
1333 fwd_desc = format_forward(ftype, fwd);
1334 debug("Requesting %s", fwd_desc);
1335 xfree(fwd_desc);
1336
1337 buffer_init(&m);
1338 buffer_put_int(&m, MUX_C_OPEN_FWD);
1339 buffer_put_int(&m, muxclient_request_id);
1340 buffer_put_int(&m, ftype);
1341 buffer_put_cstring(&m,
1342 fwd->listen_host == NULL ? "" : fwd->listen_host);
1343 buffer_put_int(&m, fwd->listen_port);
1344 buffer_put_cstring(&m,
1345 fwd->connect_host == NULL ? "" : fwd->connect_host);
1346 buffer_put_int(&m, fwd->connect_port);
1347
1348 if (mux_client_write_packet(fd, &m) != 0)
1349 fatal("%s: write packet: %s", __func__, strerror(errno));
1350
1351 buffer_clear(&m);
3bcced4c 1352
a858eae9 1353 /* Read their reply */
1354 if (mux_client_read_packet(fd, &m) != 0) {
1355 buffer_free(&m);
1356 return -1;
b97ea6eb 1357 }
3bcced4c 1358
a858eae9 1359 type = buffer_get_int(&m);
1360 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1361 fatal("%s: out of sequence reply: my id %u theirs %u",
1362 __func__, muxclient_request_id, rid);
1363 switch (type) {
1364 case MUX_S_OK:
1365 break;
1366 case MUX_S_PERMISSION_DENIED:
1367 e = buffer_get_string(&m, NULL);
1368 buffer_free(&m);
1369 error("Master refused forwarding request: %s", e);
1370 return -1;
1371 case MUX_S_FAILURE:
1372 e = buffer_get_string(&m, NULL);
1373 buffer_free(&m);
1374 error("%s: session request failed: %s", __func__, e);
1375 return -1;
1376 default:
1377 fatal("%s: unexpected response from master 0x%08x",
1378 __func__, type);
b97ea6eb 1379 }
a858eae9 1380 buffer_free(&m);
b97ea6eb 1381
a858eae9 1382 muxclient_request_id++;
1383 return 0;
1384}
3bcced4c 1385
a858eae9 1386static int
1387mux_client_request_forwards(int fd)
1388{
1389 int i;
1390
1391 debug3("%s: requesting forwardings: %d local, %d remote", __func__,
1392 options.num_local_forwards, options.num_remote_forwards);
1393
1394 /* XXX ExitOnForwardingFailure */
1395 for (i = 0; i < options.num_local_forwards; i++) {
1396 if (mux_client_request_forward(fd,
1397 options.local_forwards[i].connect_port == 0 ?
1398 MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1399 options.local_forwards + i) != 0)
1400 return -1;
1401 }
1402 for (i = 0; i < options.num_remote_forwards; i++) {
1403 if (mux_client_request_forward(fd, MUX_FWD_REMOTE,
1404 options.remote_forwards + i) != 0)
1405 return -1;
1406 }
1407 return 0;
1408}
1409
1410static int
1411mux_client_request_session(int fd)
1412{
1413 Buffer m;
1414 char *e, *term;
1415 u_int i, rid, sid, esid, exitval, type, exitval_seen;
1416 extern char **environ;
1417 int devnull;
1418
1419 debug3("%s: entering", __func__);
1420
1421 if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1422 error("%s: master alive request failed", __func__);
1423 return -1;
1424 }
1425
1426 signal(SIGPIPE, SIG_IGN);
1427
1428 if (stdin_null_flag) {
1429 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1430 fatal("open(/dev/null): %s", strerror(errno));
1431 if (dup2(devnull, STDIN_FILENO) == -1)
1432 fatal("dup2: %s", strerror(errno));
1433 if (devnull > STDERR_FILENO)
1434 close(devnull);
1435 }
1436
1437 term = getenv("TERM");
1438
1439 buffer_init(&m);
1440 buffer_put_int(&m, MUX_C_NEW_SESSION);
1441 buffer_put_int(&m, muxclient_request_id);
1442 buffer_put_cstring(&m, ""); /* reserved */
1443 buffer_put_int(&m, tty_flag);
1444 buffer_put_int(&m, options.forward_x11);
1445 buffer_put_int(&m, options.forward_agent);
1446 buffer_put_int(&m, subsystem_flag);
1447 buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
1448 0xffffffff : (u_int)options.escape_char);
1449 buffer_put_cstring(&m, term == NULL ? "" : term);
1450 buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
1451
1452 if (options.num_send_env > 0 && environ != NULL) {
1453 /* Pass environment */
1454 for (i = 0; environ[i] != NULL; i++) {
1455 if (env_permitted(environ[i])) {
1456 buffer_put_cstring(&m, environ[i]);
1457 }
1458 }
1459 }
1460
1461 if (mux_client_write_packet(fd, &m) != 0)
1462 fatal("%s: write packet: %s", __func__, strerror(errno));
1463
1464 /* Send the stdio file descriptors */
1465 if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1466 mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1467 mm_send_fd(fd, STDERR_FILENO) == -1)
1468 fatal("%s: send fds failed", __func__);
1469
1470 debug3("%s: session request sent", __func__);
1471
1472 /* Read their reply */
3bcced4c 1473 buffer_clear(&m);
a858eae9 1474 if (mux_client_read_packet(fd, &m) != 0) {
1475 error("%s: read from master failed: %s",
1476 __func__, strerror(errno));
1477 buffer_free(&m);
1478 return -1;
1479 }
1480
1481 type = buffer_get_int(&m);
1482 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1483 fatal("%s: out of sequence reply: my id %u theirs %u",
1484 __func__, muxclient_request_id, rid);
1485 switch (type) {
1486 case MUX_S_SESSION_OPENED:
1487 sid = buffer_get_int(&m);
1488 debug("%s: master session id: %u", __func__, sid);
1489 break;
1490 case MUX_S_PERMISSION_DENIED:
1491 e = buffer_get_string(&m, NULL);
1492 buffer_free(&m);
1493 error("Master refused forwarding request: %s", e);
1494 return -1;
1495 case MUX_S_FAILURE:
1496 e = buffer_get_string(&m, NULL);
1497 buffer_free(&m);
1498 error("%s: forwarding request failed: %s", __func__, e);
1499 return -1;
1500 default:
1501 buffer_free(&m);
1502 error("%s: unexpected response from master 0x%08x",
1503 __func__, type);
1504 return -1;
1505 }
1506 muxclient_request_id++;
3bcced4c 1507
1508 signal(SIGHUP, control_client_sighandler);
1509 signal(SIGINT, control_client_sighandler);
1510 signal(SIGTERM, control_client_sighandler);
1511 signal(SIGWINCH, control_client_sigrelay);
1512
1513 if (tty_flag)
ccd01778 1514 enter_raw_mode(force_tty_flag);
3bcced4c 1515
1516 /*
1517 * Stick around until the controlee closes the client_fd.
a858eae9 1518 * Before it does, it is expected to write an exit message.
1519 * This process must read the value and wait for the closure of
1520 * the client_fd; if this one closes early, the multiplex master will
1521 * terminate early too (possibly losing data).
3bcced4c 1522 */
a858eae9 1523 for (exitval = 255, exitval_seen = 0;;) {
1524 buffer_clear(&m);
1525 if (mux_client_read_packet(fd, &m) != 0)
3bcced4c 1526 break;
a858eae9 1527 type = buffer_get_int(&m);
1528 if (type != MUX_S_EXIT_MESSAGE) {
1529 e = buffer_get_string(&m, NULL);
1530 fatal("%s: master returned error: %s", __func__, e);
3bcced4c 1531 }
a858eae9 1532 if ((esid = buffer_get_int(&m)) != sid)
1533 fatal("%s: exit on unknown session: my id %u theirs %u",
1534 __func__, sid, esid);
1535 debug("%s: master session id: %u", __func__, sid);
1536 if (exitval_seen)
1537 fatal("%s: exitval sent twice", __func__);
1538 exitval = buffer_get_int(&m);
1539 exitval_seen = 1;
3bcced4c 1540 }
1541
a858eae9 1542 close(fd);
ccd01778 1543 leave_raw_mode(force_tty_flag);
a858eae9 1544
3bcced4c 1545 if (muxclient_terminate) {
1546 debug2("Exiting on signal %d", muxclient_terminate);
a858eae9 1547 exitval = 255;
1548 } else if (!exitval_seen) {
3bcced4c 1549 debug2("Control master terminated unexpectedly");
a858eae9 1550 exitval = 255;
3bcced4c 1551 } else
a858eae9 1552 debug2("Received exit status from master %d", exitval);
3bcced4c 1553
1554 if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1555 fprintf(stderr, "Shared connection to %s closed.\r\n", host);
1556
a858eae9 1557 exit(exitval);
1558}
1559
1560static int
1561mux_client_request_stdio_fwd(int fd)
1562{
1563 Buffer m;
1564 char *e;
1565 u_int type, rid, sid;
1566 int devnull;
1567
1568 debug3("%s: entering", __func__);
1569
1570 if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1571 error("%s: master alive request failed", __func__);
1572 return -1;
1573 }
1574
1575 signal(SIGPIPE, SIG_IGN);
1576
1577 if (stdin_null_flag) {
1578 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1579 fatal("open(/dev/null): %s", strerror(errno));
1580 if (dup2(devnull, STDIN_FILENO) == -1)
1581 fatal("dup2: %s", strerror(errno));
1582 if (devnull > STDERR_FILENO)
1583 close(devnull);
1584 }
1585
1586 buffer_init(&m);
1587 buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
1588 buffer_put_int(&m, muxclient_request_id);
1589 buffer_put_cstring(&m, ""); /* reserved */
1590 buffer_put_cstring(&m, stdio_forward_host);
1591 buffer_put_int(&m, stdio_forward_port);
1592
1593 if (mux_client_write_packet(fd, &m) != 0)
1594 fatal("%s: write packet: %s", __func__, strerror(errno));
1595
1596 /* Send the stdio file descriptors */
1597 if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1598 mm_send_fd(fd, STDOUT_FILENO) == -1)
1599 fatal("%s: send fds failed", __func__);
1600
1601 debug3("%s: stdio forward request sent", __func__);
1602
1603 /* Read their reply */
1604 buffer_clear(&m);
1605
1606 if (mux_client_read_packet(fd, &m) != 0) {
1607 error("%s: read from master failed: %s",
1608 __func__, strerror(errno));
1609 buffer_free(&m);
1610 return -1;
1611 }
1612
1613 type = buffer_get_int(&m);
1614 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1615 fatal("%s: out of sequence reply: my id %u theirs %u",
1616 __func__, muxclient_request_id, rid);
1617 switch (type) {
1618 case MUX_S_SESSION_OPENED:
1619 sid = buffer_get_int(&m);
1620 debug("%s: master session id: %u", __func__, sid);
1621 break;
1622 case MUX_S_PERMISSION_DENIED:
1623 e = buffer_get_string(&m, NULL);
1624 buffer_free(&m);
1625 fatal("Master refused forwarding request: %s", e);
1626 case MUX_S_FAILURE:
1627 e = buffer_get_string(&m, NULL);
1628 buffer_free(&m);
1629 fatal("%s: stdio forwarding request failed: %s", __func__, e);
1630 default:
1631 buffer_free(&m);
1632 error("%s: unexpected response from master 0x%08x",
1633 __func__, type);
1634 return -1;
1635 }
1636 muxclient_request_id++;
1637
1638 signal(SIGHUP, control_client_sighandler);
1639 signal(SIGINT, control_client_sighandler);
1640 signal(SIGTERM, control_client_sighandler);
1641 signal(SIGWINCH, control_client_sigrelay);
1642
1643 /*
1644 * Stick around until the controlee closes the client_fd.
1645 */
1646 buffer_clear(&m);
1647 if (mux_client_read_packet(fd, &m) != 0) {
1648 if (errno == EPIPE ||
1649 (errno == EINTR && muxclient_terminate != 0))
1650 return 0;
1651 fatal("%s: mux_client_read_packet: %s",
1652 __func__, strerror(errno));
1653 }
1654 fatal("%s: master returned unexpected message %u", __func__, type);
1655}
1656
1657/* Multiplex client main loop. */
1658void
1659muxclient(const char *path)
1660{
1661 struct sockaddr_un addr;
1662 socklen_t sun_len;
1663 int sock;
1664 u_int pid;
1665
1666 if (muxclient_command == 0) {
1667 if (stdio_forward_host != NULL)
1668 muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
1669 else
1670 muxclient_command = SSHMUX_COMMAND_OPEN;
1671 }
1672
1673 switch (options.control_master) {
1674 case SSHCTL_MASTER_AUTO:
1675 case SSHCTL_MASTER_AUTO_ASK:
1676 debug("auto-mux: Trying existing master");
1677 /* FALLTHROUGH */
1678 case SSHCTL_MASTER_NO:
1679 break;
1680 default:
1681 return;
1682 }
1683
1684 memset(&addr, '\0', sizeof(addr));
1685 addr.sun_family = AF_UNIX;
1686 sun_len = offsetof(struct sockaddr_un, sun_path) +
1687 strlen(path) + 1;
1688
1689 if (strlcpy(addr.sun_path, path,
1690 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
1691 fatal("ControlPath too long");
1692
1693 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1694 fatal("%s socket(): %s", __func__, strerror(errno));
1695
1696 if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) {
1697 switch (muxclient_command) {
1698 case SSHMUX_COMMAND_OPEN:
1699 case SSHMUX_COMMAND_STDIO_FWD:
1700 break;
1701 default:
1702 fatal("Control socket connect(%.100s): %s", path,
1703 strerror(errno));
1704 }
1705 if (errno == ENOENT)
1706 debug("Control socket \"%.100s\" does not exist", path);
1707 else {
1708 error("Control socket connect(%.100s): %s", path,
1709 strerror(errno));
1710 }
1711 close(sock);
1712 return;
1713 }
1714 set_nonblock(sock);
1715
1716 if (mux_client_hello_exchange(sock) != 0) {
1717 error("%s: master hello exchange failed", __func__);
1718 close(sock);
1719 return;
1720 }
1721
1722 switch (muxclient_command) {
1723 case SSHMUX_COMMAND_ALIVE_CHECK:
1724 if ((pid = mux_client_request_alive(sock)) == 0)
1725 fatal("%s: master alive check failed", __func__);
1726 fprintf(stderr, "Master running (pid=%d)\r\n", pid);
1727 exit(0);
1728 case SSHMUX_COMMAND_TERMINATE:
1729 mux_client_request_terminate(sock);
1730 fprintf(stderr, "Exit request sent.\r\n");
1731 exit(0);
1732 case SSHMUX_COMMAND_OPEN:
1733 if (mux_client_request_forwards(sock) != 0) {
1734 error("%s: master forward request failed", __func__);
1735 return;
1736 }
1737 mux_client_request_session(sock);
1738 return;
1739 case SSHMUX_COMMAND_STDIO_FWD:
1740 mux_client_request_stdio_fwd(sock);
1741 exit(0);
1742 default:
1743 fatal("unrecognised muxclient_command %d", muxclient_command);
1744 }
3bcced4c 1745}
git-cvsimport mirror of OpenSSH
This page took 0.324939 seconds and 5 git commands to generate.